Changed 'password_charset' default to 'UTF-8' (#6522)

6 years ago · 11216a1925
parent 4935213fc6
commit 11216a1925
4 changed files with 9 additions and 13 deletions
--- a/3
+++ b/3
@ -1,10 +1,11 @@
 CHANGELOG Roundcube Webmail
 ===========================

+- Changed 'password_charset' default to 'UTF-8' (#6522)
 - Add skins_allowed option (#6483)
 - SMTP GSSAPI support via krb_authentication plugin (#6417)
 - Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385)
- Removed referer_check option (#6440)
+- Removed 'referer_check' option (#6440)
 - Use constant prefix for temp file names, don't remove temp files from other apps (#6511)
 - Ignore 'Sender' header on Reply-All action (#6506)
 - Update to TinyMCE 4.8.2
--- a/config/defaults.inc.php
+++ b/config/defaults.inc.php
@ -538,11 +538,9 @@ $config['username_domain_forced'] = false;
 // For example %n = mail.domain.tld, %t = domain.tld
 $config['mail_domain'] = '';

-// Password character set.
-// If your authentication backend supports it, use "UTF-8".
-// Otherwise, use the appropriate character set.
-// Defaults to ISO-8859-1 for backward compatibility.
-$config['password_charset'] = 'ISO-8859-1';
+// Password character set, to change the password for user
+// authentication or for password change operations
+$config['password_charset'] = 'UTF-8';

 // How many seconds must pass between emails sent by a user
 $config['sendmail_delay'] = 0;
--- a/index.php
+++ b/index.php
@ -103,7 +103,7 @@ $RCMAIL->action = $startup['action'];
 // try to log in
 if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
    $request_valid = $_SESSION['temp'] && $RCMAIL->check_request();
-    $pass_charset  = $RCMAIL->config->get('password_charset', 'ISO-8859-1');
+    $pass_charset  = $RCMAIL->config->get('password_charset', 'UTF-8');

    // purge the session in case of new login when a session already exists
    $RCMAIL->kill_session();
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@ -141,7 +141,7 @@ class password extends rcube_plugin
            $this->rc->output->command('display_message', $this->gettext('nopassword'), 'error');
        }
        else {
-            $charset    = strtoupper($this->rc->config->get('password_charset', 'ISO-8859-1'));
+            $charset    = strtoupper($this->rc->config->get('password_charset', 'UTF-8'));
            $rc_charset = strtoupper($this->rc->output->get_charset());

            $sespwd = $this->rc->decrypt($_SESSION['password']);
@ -152,12 +152,9 @@ class password extends rcube_plugin
            // check allowed characters according to the configured 'password_charset' option
            // by converting the password entered by the user to this charset and back to UTF-8
            $orig_pwd = $newpwd;
-            $chk_pwd = rcube_charset::convert($orig_pwd, $rc_charset, $charset);
-            $chk_pwd = rcube_charset::convert($chk_pwd, $charset, $rc_charset);
+            $chk_pwd  = rcube_charset::convert($orig_pwd, $rc_charset, $charset);
+            $chk_pwd  = rcube_charset::convert($chk_pwd, $charset, $rc_charset);

-            // WARNING: Default password_charset is ISO-8859-1, so conversion will
-            // change national characters. This may disable possibility of using
-            // the same password in other MUA's.
            // We're doing this for consistence with Roundcube core
            $newpwd = rcube_charset::convert($newpwd, $rc_charset, $charset);
            $conpwd = rcube_charset::convert($conpwd, $rc_charset, $charset);